P.S. Certified 156-915.80 braindumps are available on Google Drive, GET MORE: https://drive.google.com/open?id=1kHtvfzv89_QPh4A3_cAnuAFq9mDuP3yP
New Check Point 156-915.80 Exam Dumps Collection (Question 6 - Question 15)
Question No: 6
You are trying to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. You see the following window.
What must you enable to see the Directional Match?
A. directional_match(true) in the objects_5_0.C file on Security Management Server
B. VPN Directional Match on the Gateway objectu2021s VPN tab
C. VPN Directional Match on the VPN advanced window, in Global Properties
D. Advanced Routing on each Security Gateway
Answer: C
Question No: 7
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
B. Reinstall the Security Management Server and restore using upgrade_import.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Answer: C
Question No: 8
To provide full connectivity upgrade status, use command cphaprob fcustat
Answer:
Question No: 9
GAiA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:
A. Check Point Upgrade Service Engine.
B. Check Point Software Update Agent
C. Check Point Remote Installation Daemon (CPRID)
D. Check Point Software Update Daemon
Answer: A
Question No: 10
You have three Gateways in a mesh community. Each gatewayu2021s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?
A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gatewayu2021s VPN Domain
C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.
Answer: B
Question No: 11
Fill in the blank with a numeric value. The default port number for standard TCP connections with the LDAP server is
Answer:
389
Question No: 12
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the .
A. destination on server side
B. source on server side
C. source on client side
D. destination on client side
Answer: D
Question No: 13
You are responsible for the configuration of MegaCorpu2021s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT
(bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
Answer: D
Question No: 14
Your R80 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
A. On a GAiA Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
B. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server objectu2021s Logs and Masters window, enable Schedule log switch, and select the Time object.
C. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
D. Create a time object, and add 48 hours as the interval. Select that time objectu2021s Global Properties > Logs and Masters window, to schedule a logswitch.
Answer: B
Question No: 15
How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?
A. Change the gateway settings to allow Captive Portal access via an external interface.
B. No action is necessary. This access is available by default.
C. Change the Identity Awareness settings under Global Properties to allow Captive Portal access on all interfaces.
D. Change the Identity Awareness settings under Global Properties to allow Captive Portal access for an
external interface.
Answer: A
Recommend!! Get the Certified 156-915.80 dumps in VCE and PDF From Certleader, Welcome to download: https://www.certleader.com/156-915.80-dumps.html (New Q&As Version)